Using ISO 9001 policies for ISO 27001
We are now in the process of implementing the ISO 9001 standard in our company, and we have already developed some policies that are also necessary for implementing ISO 27001, like Access Control Policy, Information Security Policy, etc. Once we get certified in ISO 9001 and start with ISO 27001, can we use the same policies that we already developed, or do we need to write?
You can use the same documents you developed for ISO 9001 that are also required by ISO 27001; you only need to ensure that the documents are updated according to the results of the information security risk assessment and applicable information security legal requirements (e.g., laws, regulations, and contracts).
These articles will provide you with a further explanation about integrating management systems:
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
May 11, 2022